from the ONE-OF-US dept

Another large batch of Snowden docs have been released by The Intercept. The new documents are part of the site's "SID (Signals Intelligence Directorate) Today" collection, a sort of interoffice newsletter featuring discussions of intelligence-gathering efforts the agency has engaged in, as well as more mundane office business.

That's where they're running into problems. This SID Today document [PDF] deals with the IC's personal use of company computers -- namely, the "attribution" problem that develops when outside websites are accessed using IP addresses that can be traced back to the NSA and other IC components.

The IC uses a system called AIRGAP to provide internet access for IC employees while supposedly still preventing outsiders from tracing IP addresses back to sensitive locations. Set up in 1998 by "one of the world's largest internet providers," the system was supposed to provide non-attributable access to the outside internet world.

Unfortunately, as is detailed by the SID Today doc, the execution of AIRGAP was lacking.

One early concern about the firewall was that it funneled all internet traffic through a single IP address, meaning that if any activity on the address was revealed to be associated with U.S. spies, a broad swath of other activity could then be attributed to other U.S. spies. More IP addresses were subsequently added, but “occasionally we find that the ISP reverts to one address, or does not effectively rotate those assigned,” Speight wrote.

Speight added that the “greater security concern” was the very intelligence agents the system was designed to protect. “Despite rules and warnings to the contrary, all too frequently users will use AIRGAP for registering on web sites or for services, logging into other sites and services and even ordering personal items from on-line vendors,” Speight wrote in a classified passage. “By doing so, these users reveal information about themselves and, potentially, other users on the network. So much for ‘non-attribution.'”

It's the sort of simple carelessness that's almost unavoidable in large organizations. The NSA's effort to distance itself from its employees' internet use was thwarted by the ISP's funnel and IC employee sloppiness. As The Intercept points out, this mirrors some of the brainlessness exhibited by Russian hackers, who used a system designed to obscure their origin, but constantly undermined that protection by using the same system to log in to personal social media accounts.

The difference between the two is AIRGAP was just there to open a portal out of the IC's closed system. The Russian's system was designed to obscure the source of attacks. But the personal use of the IC's firewall/AIRGAP is still a violation of internal policy, as the document points out.

Rather than work towards preventing the unpreventable (personal web use), the IC set up another system -- OUTPARKS -- which provided more than 200 random IP addresses, all of which would be registered to an ISP, rather than the IC itself. Confusingly, the new system -- put in place in 2005 -- is also referred to as AIRGAP, primarily because IC employees are creatures of habit and referred to OUTPARKS as AIRGAP despite it being an entirely new, NSA-owned operation.

Ultimately, the document shows NSA employees are just like the rest of us: periodically bored and prone to using work computers for personal reasons.

Granted, as we pointed out at the time Australia is a notably different market, where the extremely high cost of transit means that most content companies strike such deals to genuinely save costs across the entire ecosystem. That's in contrast to the States, where transit is relatively cheap and ISPs have grown to use caps arbitrarily to protect legacy TV revenues from internet video. That still doesn't mean cap-exemption is a good business model for lovers of an open internet, and it's notable that Netflix's position on caps wasn't just muted in Australia, it was entirely absent.

Fast forward a month, and Netflix now suggests it regrets having struck the deals at all (or it regrets that people noted the inconsistencies in its position and demeanor on the issue). In a letter to investors (pdf) Netflix briefly touches on the Australian neutrality fracas. After applauding the FCC's decision to embrace Title II and examine interconnection more closely, the company issues an interesting mea culpa:

"Data caps inhibit Internet innovation and are bad for consumers. In Australia, we recently sought to protect our new members from data caps by participating in ISP programs that, while common in Australia, effectively condone discrimination among video services (some capped, some not). We should have avoided that and will avoid it going forward. Fortunately, most fixed-line ISPs are raising or eliminating data caps in line with our belief that ISPs should provide great video for all services in a market and let consumers do the choosing."

We'll have to watch closely if Netflix's regret includes fighting to eliminate caps in Australia, or continuing to bow quietly to the status quo. Meanwhile, Netflix's international expansion plans this year involve reaching 200 countries by the end of the year, so the company will have plenty of opportunities to put this promise to the test.

from the simple-errors-cause-bigger-headaches dept

This could have happened to any civilian, but it happened to a sheriff's deputy. While investigating a former Danes County (WI) deputy for sexual assault charges related to his inappropriate relationship with a convict (state law makes this a sexual assault crime even if consensual, because of the supervisory role deputies have), investigators came across child porn images stored on his computer.

The detectives acquired two warrants: one to search Deputy Jeffrey Hilgers' home for evidence of his relationship with the inmate (now out on probation) and one to search his computer for more child porn. But they screwed up. The end result: all seven child pornography charges have been dropped.

Child pornography possession charges against a former Dane County sheriff’s deputy were dismissed Wednesday after a judge ruled that there was a fatal cut-and-paste error on a search warrant that led to the discovery of the illegal images on the deputy’s computers.

Dane County Circuit Judge John Markson ruled that in fashioning a search warrant for the home of former deputy Jeffrey C. Hilgers, 43, investigators inadvertently used a paragraph which stated that they were seeking child pornography, and not one specifying a search for evidence of an illicit relationship between Hilgers and a woman who was serving a jail sentence at home on electronic monitoring.

Hilgers is still possibly on the hook for second-degree sexual assault charges, but everything related to the child porn discovered in his possession has been vanished away. The judge called the error "insurmountable." Details matter, and it makes no difference that it was someone in law enforcement facing these charges. The judge recognized that it was the sort of error anyone could make.

“I do think that likely what happened was a result of cutting and pasting by using a warrant from a different case that involved child pornography,” Markson said, agreeing with an explanation for the error provided earlier by Deputy District Attorney Michelle Viste.

Anyone could have made this mistake, but that doesn't excuse it. People are wrongly jailed due to procedural errors. And people walk away from criminal charges for the same thing. Our nation's law enforcement officers wield a considerable amount of power -- especially when coupled with government prosecutors. But this power must be constrained if justice is the desired outcome. Not every warrant is its own special snowflake, but if prosecutors want the acquired evidence to hold up in court, they need to be sure those below them have been diligent in their work.

A second-degree assault charge is all that remains -- something that seems extremely odd considering the former deputy and former inmate are now married. (For now...) But the more damning charges no longer exist because someone decided to boilerplate the warrant app using wording borrowed from another case. Warrants may be largely similar but each case is unique, and if the words "probable cause" are going to be worth anything, unfortunate situations like these need to happen. Otherwise, every warrant will become boilerplate and the "probable cause" used to justify the search will be nothing more than taking the (sworn) words out of someone else's mouth and using someone else's alleged misdeeds to justify the search of another person's property.

from the urls-we-dig-up dept

Advertising is a tricky business. Content producers can be as thoughtful and careful as they think they can be, and they can still make mistakes, really, really bad mistakes sometimes. Audiences everywhere are ready to jump on an ad that wastes their precious time or misleads them or offends some sensibility. But it's not always (ever?) easy to make content that is both compelling and also good for selling widgets (or promoting a message). Check out a few of these links on advertising campaigns gone a bit wrong.

Sesame Street also tweeted a mildly humorous joke about Serial. However, the children's TV show didn't provoke much backlash for making a pun related to a murder case. Not-for-profit muppets aren't apparently held to the same standards as retailers, but then again, Bert didn't actually refer to anything specific in the murder case. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

from the trust-us-we're-the-cable-company dept

While debate over the Comcast merger had hit a bit of a lull for Thanksgiving, it was revived this week with the launch of a group calling itself the Stop Mega Comcast Coalition. Formed by a combination of companies like Dish and consumer advocacy groups like Public Knowledge, the group is lobbying to stop the merger on the grounds it harms competition, price and innovation across a number of markets, including broadband, television, and advertising. Of course, group participants Fairpoint Communications and Dish would likely give a limb to wield the kind of market power Comcast enjoys, but you're apparently supposed to ignore that and just applaud their selfless dedication to consumer welfare.

The unveiling of the group resulted in Comcast penning a blog post in which it slammed the new group for trotting out complaints that "weren't found to be credible" in the company's past transaction reviews (like when Comcast acquired NBC, then ignored the merger conditions crafted by itself). To hear Comcast tell it, the company found at least 600 "thoughtful and positive" people who think Comcast getting immensely more massive is a great idea:

"While it’s no surprise that the same competitors and special interest groups who’ve gone after Comcast in the past are at it again, the record tells a very different story. Over the last several months, the FCC has received an outpouring of nearly 600 thoughtful and positive comments about the transaction from a wide range of supporters. Unlike most of the criticism, the support has been very transaction-specific.

This support includes more than 100 Chambers of Commerce and business organizations, as well as a wide array of small businesses, start-ups, and technology companies. It includes more than 20 programmers, nearly 200 diversity groups and community partners, and over 150 state and local leaders of both parties."

"We are still working with a vendor to analyze the FCC spreadsheet but in case it shows that there are any consumers in census blocks that may lose a broadband choice, want to make sure these sentences are more nuanced."

That's essentially Comcast accidentally publicly admitting that, even after a year of merger prep and defense, that it doesn't actually fully understand the impact of its own deal proposal. The note suggests Comcast had to pay an outside vendor to double check FCC data (provided to the FCC by Comcast), and then would have softened its rhetoric depending on what the analysis found. In a follow up e-mail to me, Comcast denies that it doesn't understand its own $45 billion mega-merger, but then adds to truly do so would take actually visiting some neighborhoods:

"Karl, our filings have detailed this issue in the past. It would literally take someone walking the streets or going down to a house by house map to find out if there is any actual overlap - and this would be if any likely in only a very very small number of homes."

Perhaps you should maybe go do that before repeatedly insisting there's no competitive overlap? Sure, it's true that the merger is more about vertical integration, programming leverage and monopsony concerns than direct market competition, but that doesn't make Comcast's stumbling, bumbling defense of the deal any less entertaining.

from the technology-and-stuff dept

All too often it seems as though companies take themselves entirely too seriously these days. With branding being seen as all important, too often the concept of actually behaving in a human and awesome way is lost, leading to a total lack of personality. Chevy, on the other hand, showed everyone else exactly how to handle the internet's cruel mockery.

If you're even a casual baseball fan, you probably watched some part of the game 7 World Series final the other night. If you stuck around for the presentation of the MVP trophy to pitcher Madison Bamgarner, you witnessed local Chevy guy, Rikk Wilde, attempt to give the sponsored trophy away. It did not go well.

While it is certainly understandable how a local guy with probably limited experience with speaking publicly before a national audience might fall victim to nerves in this scenario, the internet is a cruel observer and it went nuts with this video. In particular, Wilde's attempt to sell the world on the sweetness of Chevy vehicles due to the inclusion of "technology...and stuff" was instantly transformed into the meme du jour. Twitter blew up with #technologyandstuff tags, and some enterprising memesters came up with stuff like this.

All this was inevitable of course, because the internet loves to take a mistake and multiply it into a cultural thing for poops and giggles. It can't help itself. And, of course, Chevy just wouldn't be able to help from completely freaking out that what was supposed to be a carefully orchestrated sponsorship marketing opportunity had turned into a massive joke. They'd simply have to go into damage control. Except they didn't. Nope, not even a little bit.

That's right. Instead of freaking out, Chevy decided to full on embrace the whole thing. Many commentators have suggested that Chevy should be thanking Wilde for his less-than-perfect pitch of the Chevy line and it seems that the company agrees.

Chevrolet spokesman Mike Albano, in an email, confirmed that Brian Sweeney, U.S. vice president of sales and service for Chevrolet, called Wilde on Thursday to tell him the Chevy team was behind him. Chevrolet spokeswoman Cristi Vazquez said the company saw a "large spike in hits" at Chevrolet.com on Wednesday night, with visits seven times higher than normal.

No kidding. Embracing the meme, even as it mocked the company, was exactly the right thing to do. That said, it isn't always the easiest move to make. Good on Chevy for embracing the meme to its own advantage when using technology and stuff.

from the intelligence-screwups-also-include-typos dept

Everyone makes mistakes. There's hardly anyone out there who can claim a misspelling-free existence. And government employees -- even highly-trained analysts and agents charged with protecting national security -- are no different. Mistakes will be made. Let he who is without sin be the pedantic ass casting stones in the comments below, etc.

The problem is that when mistakes are made on highly-sensitive forms, the damage is almost irreparable. As we've covered extensively, an agent's failure to fill out paperwork properly put a non-terrorist on the government's "no fly" list for over a decade. To add insult to cock-up, the government spent most of that time trying to bury the challenge with layers and layers of "national security" obfuscation. Confirming or denyinganything about terrorist watchlists would somehow lead to terrorists gaming the system.

Speaking of terrorist attacks, the Tsarnaev brothers somehow managed to elude those specifically tasked with preventing events like the Boston Marathon bombing. The same lack of inter-agency communication that allowed some 9/11 terrorists to return to the US unnoticed was at play in the recent attack. Unbelievably, these agencies have used both attacks as justification for leaving their surveillance powers intact, arguing that curtailing these programs will somehow prevent them from stopping the next 9/11 or Boston bombing -- despite having been unable to prevent either of those.

On January 21, 2012 Tsarnaev traveled to JFK airport in New York to board an Aeroflot flight to Moscow.

Though an alert was triggered, Tsarnaev was not pulled out for a secondary search or interview. According to sources familiar with the report, there were almost 100 other names on the “Hot List” of individuals traveling through Customs at JFK that day, and Tsarnaev was not considered high priority.

Tsarnaev flew to Moscow, and then to Dagestan, where he stayed for six months and received jihad training, according to U.S. authorities.

On July 17, 2012, Tsarnaev flew back to the United States, landing at JFK. TECS notes remain in effect for one year. The initial TECS note had expired. The second, more urgent TECS note filed in October 2011 that said he might be armed and dangerous had not.

But no alert was triggered when Tsarnaev passed through Customs at JFK, because of the misspelling of his name on the second TECS note. The difference of one letter – Tsarnayev instead of Tsarnaev – meant that he was not detained or questioned despite the warning in his file, according to sources familiar with the report.

It's the sort of error anyone can make. But it had serious repercussions. In Tsarnaev's case, this error helped contribute to an attack on American citizens.

The government aggressively battles anyone who questions their placement on terrorist watchlists, ignoring the fact that it still employs human beings and that those people -- being human -- will occasionally make mistakes. No one's asserting any sort of maliciousness on the government's behalf in Ibrahim's case, but no one should to be willing to completely excuse its behavior in Tsarnaev's, either.

Errors will be made, but it's of utmost importance to correct them. The government needs to stop pretending its watchlists are infallible. It's not as though this is a recent development and possibly the first time these agencies have been made aware of the lists' shortcomings. Back in 2009, the Office of the Inspector General had this to say about the FBI's list.

We found that the FBI failed to nominate many subjects in the terrorism investigations that we sampled, did not nominate many others in a timely fashion, and did not update or remove watchlist records as required.... We believe that the FBI's failure to consistently nominate subjects of international and domestic terrorism investigations to the terrorist watchlist could pose a risk to national security.

The FBI failed in both directions, failing to add suspected terrorists to the list fast enough and being pretty much unresponsive when it came to removing those not deemed a threat. Add this to the fact that clerical errors will always be present in a certain percentage of records and you have a list whose veracity is highly questionable. But the government doesn't see it that way, and that's the problem.

from the seller's-remorse dept

While we've had stories in the past about incorrect items being shipped to buyers, those stories usually involve a complete disconnect from what was wanted to what was actually delivered. The story of a firearm being shipped is of particular note. That said, what happens when customers get a tangentially related item to what they actually purchased?

Take, for instance, the case of customers of one UK store, who gathered a list of people who pre-ordered the Playstation Vita game Tearaway and accidentally shipped them the Tearaway Playstation Vita bundle, which is comprised of both the game and the handheld console. So what did the retailer do when people happily found out they got brand new Vitas along with their game?

They asked for them back. And, when some of those customers failed to return the incorrectly shipped item, they let loose with the threats.

This is our final notice to politely remind you that you did not order, or pay for, a PS Vita and if you fail to contact us by 5pm (UK time) on 10th December 2013 to arrange a convenient time for the PS Vita to be collected we reserve the right to enforce any and/or all legal remedies available to us.

It's understandable that the retailer hoped for the best in the level of goodwill in their customers, but in what realm does it make sense to legally threaten your customers because you screwed up the shipping items? And, as far as legal remedies go, at least one customer rights group in Britain seems to think they're SOL.

British customer rights website What Consumer says "if you've been sent unsolicited goods, you are entitled to treat them as an unconditional gift and do with them as you choose."

Frankly, it's hard to understand what recourse is afforded a company that sends paying customers higher-valued items instead. Regardless, the combination of the response by the affected customers and the Streisand Effect is probably going to make this store instantly regret the decision to go legal.

from the urls-we-dig-up dept

You might think that with all the supercomputer capabilities available that banks wouldn't make somewhat simple errors with huge dollar amounts. You would be wrong. Human errors can be greatly magnified by automated systems, and these errors seem to happen almost regularly. What would you do if you found more than a few extra bucks in your bank account? Here are just a few recent examples of some pretty big monetary mistakes.